CVE-2025-40769

EPSS 0.03%
Veröffentlicht 12.08.2025 11:17:19
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSiemens

≫

Produkt SINEC Traffic Analyzer

Default Statusunknown

Version 0

Version < V3.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.072

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	7.5	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	7.4	1.4	5.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1164 Irrelevant Code

The product contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness.

https://cert-portal.siemens.com/productcert/html/ssa-517338.html

https://nvd.nist.gov/vuln/detail/CVE-2025-40769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40769

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40769